Capital One 2008 Annual Report Download - page 24

Download and view the complete annual report

Please find page 24 of the 2008 Capital One annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 186

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186

6
Risk Stewards are responsible for:
continually monitoring the effectiveness of risk management processes for their risk category;
setting direction and establishing risk limits (i.e. risk appetite) for their risk category consistent with the risk appetite
established by the Board;
identifying when a business area is operating outside of established risk limits and driving corrective action.
Each Business Chief Risk Officer is responsible for the following in his/her business division:
assessing the quality of the divisions risk management program and driving to resolve gaps in the risk management
program or in risk mitigation;
creating and maintaining a risk management culture;
executing a comprehensive risk management strategy;
leading regular, actionable risk self-assessments that are reviewed with their Division President and the Enterprise Risk
Management Executive;
ensuring proper controls are in place and that such controls are properly executed;
ensuring risk monitoring and data are proper, comprehensive, and accurate; and
executing an information and communication strategy that supports the risk culture and key risk management objectives.
Risk Management Committees
Capital One maintains the following three top level risk committees, each with appropriate sub-committees as indicated:
1. Asset/Liability Management Committee: oversees rate risk, market risk, capital adequacy, and the investment portfolio
Balance Sheet Risk Management Committee
2. Credit Policy Committee: oversees the corporate credit portfolio and enterprise-wide credit program and policies
Divisional Credit Committees for each major product segment
3. Risk Management Committee: oversees the enterprise risk policy and program with a focus on overall/aggregate risks
 Compliance Committee
Operational Risk Committee
Risk Management and Control Framework
Capital One uses a consistent framework to manage risk. The framework applies at all levels, from the development of the Enterprise
Risk Management Program itself to the tactical operations of the front-line business team. The framework has six key elements:
1. Objective Setting;
2. Risk Assessment;
3. Control Activities;
4. Communication and Information;
5. Program Monitoring; and
6. Organization and Culture.
Objective Setting is at the beginning of our risk management approach. We set strategic, financial, operational, and other objectives
during our strategic and annual planning processes and throughout the year. These objectives cascade through the organization to
individual teams of associates.
Risk Assessment is the process of identifying risks to our objectives, evaluating the impact of those risks and choosing a response.
Responses include avoidance, mitigation, or acceptance. Risk responses are guided by our established risk appetite. In certain risk
categories, risk assessment is largely conducted by central risk groups or jointly between business areas and central groups (market,
liquidity, legal, credit, compliance). In other risk categories, risk assessment is primarily the responsibility of business areas with more
limited central support (strategic, operational, reputation).